I've heard that salt is not meant to be secret, but what if I made it secret?
@Buge What I had meant here was, there is usually going to be 1 salt stored in the code, not one for each hash. Having a unique salt for each hash may increase the time it takes for a particular brute force attack on the hash, however that is not the purpose of a salt. There might be a better way of increasing the resistance to brute force attacks by increasing the iterations of your hashing algorithm. You can store salts in a database as well as in the code. The security between these two methods may be a separate question.

Why is password hashing considered so important?
@MaciejPiechotka Thanks for bringing up the point where, in the case of brute-forcing hashes in a whole unsalted database, computational time will be reduced by not having to recompute the same hash for each password. However, let's also keep in mind that 1000s or more passwords to crack may be insignificant in the future when processors become exponentially faster, or so some have forecasted.

Sep5

Why is password hashing considered so important?
@Andy Thank you for providing that link for me. I'm not sure where you are going with the purpose of a salt with my comment talking about computation time effects of hashing passwords with a salt.